[Snort-sigs] Triggering a complex snort rule (packet forging)
wkitty42 at ...3507...
Tue Apr 2 11:36:02 EDT 2013
On 4/2/2013 07:28, Asiri Rathnayake wrote:
> Maybe I should've been more specific, sorry about that. I need to trigger the
> rule from the outside, without depending on the client.

your rule requires an "established" connection so there has to be another end of
the pipeline... the "server" is one end but where is the data going if there is
no client involved?

it may be possible, as others have pointed out, to simulate it via constructed
pcaps, though... not really something i'd want to attempt unless there is a tool
that can easily generate such a pcap of sufficient size... i'm not aware of one
but others may be...

my initial gut reaction says the /easiest/ method would be to use a scripted
client and a remote server...